public ActionResult NewPassword(NewPasswordModel newPassword) { try { // Make sure everything is in order. newPassword.Validate(); // First look for the login id. IRegisteredUser user = null; var userId = _loginCredentialsQuery.GetUserId(newPassword.LoginId); if (userId != null) { user = _usersQuery.GetUser(userId.Value); } else { // Look for an employer treating it as an email address. var employers = _employersQuery.GetEmployers(newPassword.LoginId); if (employers.Count > 1) { ModelState.AddModelError(string.Format("There is more than one user with the specified email address. Please enter one of the usernames or <a href=\"{0}\">contact us</a> for assistance.", SupportRoutes.ContactUs.GenerateUrl())); return(View("NewPasswordSent", newPassword)); } if (employers.Count == 1) { user = employers[0]; } } if (user == null || user.UserType == UserType.Administrator) { ModelState.AddModelError("The user cannot be found. Please try again."); } else { // Now reset the password. var credentials = _loginCredentialsQuery.GetCredentials(user.Id); _loginCredentialsCommand.ResetPassword(user.Id, credentials); return(View("NewPasswordSent", newPassword)); } } catch (UserException ex) { ModelState.AddModelError(ex, new StandardErrorHandler()); } return(View(newPassword)); }